Printed from www.pcpro.co.uk
DIY phishing kits widely available on the Net
Posted on 19 Aug 2004 at 11:33
DIY phishing kits are being widely made available on the Internet warns the security company Sophos.
'Phishing' is the practice of duping people to reveal sensitive financial information by means of bogus websites and emails, often purporting to come from trusted sources. This development can only increase the incidence of attacks. Indeed, these are already starting to rival spam in terms of the numbers of emails involved - Phishing scams rival virus attacks in email tally
'Until now, phishing attacks have been largely the work of organised criminal gangs,' warned Graham Cluley, senior technology consultant at Sophos. 'The emergence of these "build your own phish" kits, however, mean that any old Tom, Dick or Harry can now mimic bona fide banking websites and convince customers to disclose sensitive information such as passwords, PIN numbers and account details.'
According to Sophos, the DIY kits contain graphics, source code and example text to help construct bogus websites that have the look-and-feel of legitimate online banking sites. Inevitably, there is also a link with spamming - software is included that enables potential fraudsters to pump out phishing emails as bait.
The motive, of course, is financial and eastern European gangs are already specialising in such attacks. Others are likely to try and follow in such fraudulent footsteps. 'There is plenty of profit to be made from Phishing,' said Cluley. 'By putting the necessary tools in the hands of amateurs, it's likely that the number of attacks will continue to rise.'
Certainly the current prevalence of phishing should not be underestimated. Such scams are already estimated to cost banks and other financial institutions as much as $400mn in fraud this year, according to research group Financial Insights. And reported incidences of phishing scams are running at more than a thousand a month, according to the Anti-Phishing Working Group. Such a situation can only worsen if Phishing-kiddies start getting in on the act, too.
You can see examples of phishing scams in this earlier article.
See also:
Cost of Phishing scams estimated at $400mn this year
Phishing scams rival virus attacks in email tally
Phishing scams rise 50 per cent in a month
Phishing: Real scams, fake sites
Author: Alun Williams
advertisement
- Need a bit of extra Christmas cash? Grass up your boss, says BSA
- Photoshop Mobile on Android review: first look
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
